Menu
It's been somewhat long I'm trying to automate the deployment of an application gateway using Terraform but it simply fails with an error message. I have made sure all protocol settings to HTTPS. However, I doubt there is something fishy with the PFX certificate.
Is it that I'm not supplying the authentication certificate due to which it's failing? Tried a lot over the web to get a solution but there are no mentions of this.
Terraform Code:
# Create a resource group
resource "azurerm_resource_group" "rg" {
name = "my-rg-application-gateway-12345"
location = "West US"
}
# Create a application gateway in the web_servers resource group
resource "azurerm_virtual_network" "vnet" {
name = "my-vnet-12345"
resource_group_name = "${azurerm_resource_group.rg.name}"
address_space = ["10.254.0.0/16"]
location = "${azurerm_resource_group.rg.location}"
}
resource "azurerm_subnet" "sub1" {
name = "my-subnet-1"
resource_group_name = "${azurerm_resource_group.rg.name}"
virtual_network_name = "${azurerm_virtual_network.vnet.name}"
address_prefix = "10.254.0.0/24"
}
resource "azurerm_subnet" "sub2" {
name = "my-subnet-2"
resource_group_name = "${azurerm_resource_group.rg.name}"
virtual_network_name = "${azurerm_virtual_network.vnet.name}"
address_prefix = "10.254.2.0/24"
}
resource "azurerm_public_ip" "pip" {
name = "my-pip-12345"
location = "${azurerm_resource_group.rg.location}"
resource_group_name = "${azurerm_resource_group.rg.name}"
public_ip_address_allocation = "dynamic"
}
# Create an application gateway
resource "azurerm_application_gateway" "network" {
name = "my-application-gateway-12345"
resource_group_name = "${azurerm_resource_group.rg.name}"
location = "West US"
sku {
name = "Standard_Small"
tier = "Standard"
capacity = 2
}
gateway_ip_configuration {
name = "my-gateway-ip-configuration"
subnet_id = "${azurerm_virtual_network.vnet.id}/subnets/${azurerm_subnet.sub1.name}"
}
ssl_certificate {
name = "certificate"
data = "${base64encode(file("mycert.pfx"))}"
password = "XXXXXXX"
}
frontend_port {
name = "${azurerm_virtual_network.vnet.name}-feport"
port = 80
}
frontend_ip_configuration {
name = "${azurerm_virtual_network.vnet.name}-feip"
public_ip_address_id = "${azurerm_public_ip.pip.id}"
}
backend_address_pool {
name = "${azurerm_virtual_network.vnet.name}-beap"
}
backend_http_settings {
name = "${azurerm_virtual_network.vnet.name}-be-htst"
cookie_based_affinity = "Disabled"
port = 443
protocol = "Https"
request_timeout = 1
}
http_listener {
name = "${azurerm_virtual_network.vnet.name}-httpslstn"
frontend_ip_configuration_name = "${azurerm_virtual_network.vnet.name}-feip"
frontend_port_name = "${azurerm_virtual_network.vnet.name}-feport"
protocol = "https"
}
request_routing_rule {
name = "${azurerm_virtual_network.vnet.name}-rqrt"
rule_type = "Basic"
http_listener_name = "${azurerm_virtual_network.vnet.name}-httpslstn"
backend_address_pool_name = "${azurerm_virtual_network.vnet.name}-beap"
backend_http_settings_name = "${azurerm_virtual_network.vnet.name}-be-htst"
}
}
Error:
Error: Error applying plan:
1 error(s) occurred:
* azurerm_application_gateway.network: 1 error(s) occurred:
* azurerm_application_gateway.network: Error Creating/Updating ApplicationGateway "my-application-gateway-12345" (Resource Group "my-rg-application-gateway-12345"): network.ApplicationGatewaysClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="ApplicationGatewayHttpsListenerMustReferenceSslCert" Message="Http Listener /subscriptions/xxxxxxxxxxxxxxxxxxxxxxxxxx/resourceGroups/my-rg-application-gateway-12345/providers/Microsoft.Network/applicationGateways/my-application-gateway-12345/httpListeners/my-vnet-12345-httpslstn uses protocol Https. Ssl Certificate must be specified." Details=[]
Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.
201
Azure portal To renew a listener certificate from the portal, navigate to your application gateway listeners. Select the listener that has a certificate that needs to be renewed, and then select Renew or edit selected certificate. Upload your new PFX certificate, give it a name, type the password, and then select Save.
2 Answers. - Free SSL certificate is available in Azure provided by DigiCert. But wildcard is not supported. You may need to use CNAME etc.
As mentioned in the azurerm_application_gateway docs you need to add the ssl_certificate_name to your http_listener block when using https.
77
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
